The present invention generally relates to high data rate wireless communication networks and particularly relates to security and authentication procedures for high data rate wireless communication networks.
The Internet provides access to information resources worldwide. Users typically gain access to the Internet from a fixed station located in the home, office, school, or other location. Laptop computers and other portable computing devices provided a first step toward mobile Internet access by allowing the user to connect to the Internet through any connection point offered by the user's service provider. Some service providers, such as America Online (AOL), offer nationwide and/or worldwide access networks for their subscribers. However, laptop computers do not provide true mobile Internet access since the laptop's connection to the Internet during any given session is fixed. True mobile access would allow the user to move freely and change the point of connection to the Internet without disrupting service.
Recently, a protocol known as Mobile IP has been developed to allow a mobile terminal, such as a cellular phone or PDA, to access the Internet via a mobile communication network. RFC 2002, a standard proposed by a working group within the Internet Engineering Task Force (IETF), is one implementation of Mobile IP. This standard solves the problem of host mobility by using two IP addresses: a fixed home address and a “care of” address that changes depending on the location of the mobile terminal. Mobile IP allows a mobile terminal to wirelessly connect to the Internet or other data network, to roam freely within the network, and to change its point of connection to the Internet without disruption of service.
In order to handle packet data traffic, mobile communication networks have evolved from older circuit-switched networks to more modern packet-switched networks. Circuit-switched networks were originally designed to route voice traffic and low throughput data traffic. More modern mobile communication networks use packet-switching technology to provide high rate data services to mobile terminals. These new packet-switched networks allow a mobile terminal to connect to a public data network (PDN), such as the Internet, and maintain the connection as the mobile terminal roams within the network.
The Third Generation Partnership Project 2 (3GPP2) has proposed a standard known as the “3GPP2 Access Network Interfaces Interoperability Specification”, A.S0001.1 (June 2000) for a packet-switched mobile communication network. This standard, referred to herein as the 3GPP2 standard, describes a generalized network architecture that might be employed in a packet-switched network or other high data rate network. Mobile terminals communicate via RF signaling with radio base stations (RBSs), which are in turn controlled by one or more base station controllers (BSCs). Each BSC communicates with a packet control function (PCF), which serves as a specialized router that manages traffic going between the various BSCs and a gateway device, such as a high capacity router, connected to the Internet or other PDN. The gateway device, referred to as a packet data serving node (PDSN), and the PCF incorporate a variety of features and processes that allow them to validate, route, and synchronize the IP traffic flowing through the network. IP networks may be used to connect various network components, such as the PCF and PDSN, in a packet-switched network.
The use of IP networks in packet-switched networks makes such packet-switched networks more vulnerable to malicious attackers than circuit-switched networks because the 3GPP2 standard makes frequent use of remote redirection as a way to deal with the mobility of the mobile terminal. For example, the PDSN maintains a routing table that tells the PDSN which PCF to route traffic through for a specific mobile terminal as identified by an International Mobile terminal Identity (IMSI). When the mobile terminal moves from the coverage area of a first PCF, referred to as the source PCF, into the coverage area of a second PCF, referred to as the target PCF, the PDSN must be notified of the change so that it can update its routing table. In this case, the target PCF sends a registration request to the PDSN containing the IMSI of the mobile terminal. When the PDSN receives the registration request from the target PCF, it updates the routing table and initiates a procedure to terminate its connection to the source PCF.
Because the registration request is sent remotely to the PDSN, the PDSN must be certain that the registration request originated with the target PCF and not with a malicious agent. In the absence of well-designed authentication procedures, a malicious agent could cause the PDSN to alter its routing table with erroneous information by sending the PDSN a falsified registration request containing the IMSI of one of the mobile terminals served by the PDSN. The victimized mobile terminal would be unreachable to all incoming communications from the Internet. Further, the malicious agent could redirect packets intended for the victimized mobile terminal to itself.
The protocols used in the packet-switched mobile communication networks include authentication procedures to authenticate registration requests to prevent remote redirection by unauthorized agents. These authentication procedures include measures to fend off what is known as a replay attack. In a replay attack, a malicious agent records a previously-transmitted message which is authenticated by the receiving node and replays the authenticated message at a later date to subvert the authentication protocols. The receiving node, in this instance, might be fooled by the replayed message, which appears authentic to the receiving node. While the standards currently in use include measures to prevent a replay attack directed against the PDSN, a replay attack directed against the PCF is still possible. A replay attack directed against the PCF could cause the PCF to erroneously resynchronize its time clock or to accept and process a replayed message while missing the actual message sent by the PDSN. These erroneous actions could lead to service disruption at the PCF. The present invention provides an authentication procedure to eliminate this potential vulnerability.
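The receiving-node checks described above, as an added example that is not part of the original text and is neither the 3GPP2 procedure nor the invention's: a toy PDSN that updates its IMSI routing table only for registration requests carrying a valid authenticator and a fresh, previously unseen timestamp. The HMAC-SHA256 tag, per-PCF shared keys, message layout, 7-second window and all names are assumptions.

```python
import hashlib
import hmac
import struct

WINDOW_MS = 7000  # assumed freshness window, not a value from the page


def sign_request(key, imsi, pcf_id, ts_ms):
    """Registration request: 8-byte timestamp, fields, HMAC-SHA256 tag."""
    body = struct.pack("!Q", ts_ms) + f"{imsi}|{pcf_id}".encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Pdsn:  # toy PDSN holding the IMSI -> serving PCF routing table
    def __init__(self, pcf_keys):
        self.pcf_keys = pcf_keys  # assumed per-PCF shared secrets
        self.routes = {}          # IMSI -> PCF id
        self.last_ts = {}         # PCF id -> newest accepted timestamp

    def handle(self, msg, now_ms):
        body, tag = msg[:-32], msg[-32:]
        try:
            (ts_ms,) = struct.unpack("!Q", body[:8])
            imsi, pcf_id = body[8:].decode().split("|")
        except (struct.error, ValueError):  # short, non-text or misdelimited
            return "malformed"
        key = self.pcf_keys.get(pcf_id)
        if key is None:
            return "unknown-pcf"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-authenticator"  # falsified or altered request
        if abs(now_ms - ts_ms) > WINDOW_MS:
            return "stale"              # recording replayed at a later date
        if ts_ms <= self.last_ts.get(pcf_id, -1):
            return "replayed"           # recording replayed inside the window
        self.last_ts[pcf_id] = ts_ms
        self.routes[imsi] = pcf_id      # routing table changes only here
        return "accepted"


def demo():
    """Constructed sample: a genuine request, its replay, and a forgery."""
    key, imsi = b"constructed-shared-secret", "001010123456789"
    pdsn = Pdsn({"target-pcf": key})
    msg = sign_request(key, imsi, "target-pcf", 1_000_000)
    forged = sign_request(b"wrong-key", imsi, "target-pcf", 1_000_400)
    return [pdsn.handle(m, t) for m, t in
            ((msg, 1_000_200), (msg, 1_000_900), (forged, 1_000_500))]
```

The authenticator alone does not stop a replay, because a recorded message still verifies; the freshness window and the per-PCF highest-timestamp check are what reject it.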